Blending Industry Expertise with Cybersecurity Credibility: Insights From PwC’s EMEA Financial Services Team

Compelling Cybersecurity Needs Meet PwC’s Capabilities

A July 1, 2024, briefing by PwC’s EMEA Financial Services (FS) team provided TBR with a closer look at PwC’s largest industry practice by revenue and the ways the firm has blended industry expertise with cybersecurity managed services experience and credibility. Julian Wakeham, UK EMEA Consulting Financial Services leader; Moritz Anders, Digital Identity lead, Cyber Security & Privacy, Germany; and Joshua Khosa, Service lead, Cyber Managed Services, Germany, steered the discussion for PwC.


Anders said FS clients’ three compelling cybersecurity needs — compliance, cost optimization and talent — shaped PwC’s approach to cybersecurity managed services and, in TBR’s view, will be consistent revenue drivers for PwC as those needs will be perpetual. The challenges around recruiting and retaining highly specialized cybersecurity experts, for example, remain outside the core functions of most enterprises, yet the cybersecurity risks continue evolving, necessitating that consultancies step into that role. A significant part of PwC’s value, therefore, comes from assembling and deploying experts in both cybersecurity and the underpinning enterprise technologies.


Critically, according to Anders, PwC has approached cybersecurity managed services not as an IT play, where it can simply throw technology and people at the problems, but as an ongoing business challenge best tackled through a highly automated architecture and a sustained focus on business outcomes.


Echoing the three compelling cybersecurity needs highlighted above, Anders and Khosa provided details about a use case with a Europe-based bank that delivered three clear business outcomes: “compliance and audit readiness, operational efficiency, and enhanced security,” with the last relying, in part, on PwC using its alliance partners to keep emerging technologies and updates flowing to the client.


In TBR’s view, the compliance and audit-readiness components reflect PwC’s legacy strengths and brand around governance, risk, and compliance, and the operational efficiency outcomes build on the firm’s decades-old emphasis on and experience with operations consulting. In short, PwC continues playing to its strengths.


At the end of the briefing, the PwC team was asked why this particular Europe-based bank chose PwC for a complicated, multiyear cybersecurity managed services engagement. Anders said PwC remained direct and humble throughout the selection process, informing the client, without marketing spin, what PwC could and could not do well.


Among the strengths PwC brought to the table, according to Anders, was Europe-based talent at scale, in contrast to competitors, which relied on offshore resources. Wakeham noted PwC’s flexibility, focus on business problems (and not just selling technology solutions), PwC’s Industry Edge+ as a key enabler for business model reinvention, and the “deep trust” PwC’s clients have in the firm. 

Watch Now: TBR Vice President Dan Demers and TBR Principal Analyst Patrick M. Heffernan discuss trends expected to shape the market in 2024, including GenAI’s impact on ecosystem alliances and how clients use TBR’s research and analysis to add context to strategic questions and address challenges around alliance enablement

Business Model Reinvention, Ecosystem Strategy and Expansive Capabilities

Reflecting on the EMEA FS briefing and previous discussions with PwC across topics and capabilities as diverse as people advisory services, IoT and generative AI, TBR made a few observations. First, PwC’s focus on “business model reinvention” was mentioned at the beginning and end of the discussion, with Wakeham acknowledging that the firm did not create that term or idea but explaining that PwC’s own market research indicated the importance to CEOs of that strategic focus. TBR reported earlier this year on PwC’s ideas around business model reinvention and notes that while previous strategic shifts have taken time to gain traction across the PwC member firms, business model reinvention appears to have considerable momentum and heft.


Second, PwC’s alliances strategy appears to be evolving as both the competitive and ecosystem landscapes change, with increased expectations that technology partners will bring business to PwC. In contrast to the usual equivocation and lack of details around how ecosystem partners can play a role in PwC’s go-to-market strategy, the EMEA FS team provided both a direct answer to TBR’s question about whether partners bring PwC into client projects and an explanation for the underlying reasons why software vendors would introduce PwC into an engagement.


PwC maintains a vast array of technology partnerships across cybersecurity, enterprise platforms, cloud, IoT and more, necessitating a well-managed ecosystem effort and providing extensive opportunities to gain new clients and expanded opportunities within existing accounts. Continually refining the ecosystem playbook will be vital to PwC’s continued success.


Lastly, PwC’s EMEA FS team provided another example of the breadth of the firm’s capabilities, an element of PwC’s value proposition that can sometimes be forgotten when focusing too intently on one piece of the overall firm. For example, in cybersecurity managed services, PwC brings expertise and capabilities in cyber incident response, smart cyber defense, cybersecurity upskilling, identity and access management, and OT & IT security, to name a few.


TBR believes the extent of PwC’s capabilities and offerings, while not unique, can sometimes be lost on clients and ecosystem partners that are focused on the immediate services the firm is bringing to their engagement. If PwC remains focused on business model reinvention and continues evolving its ecosystem strategy, the breadth of the firm’s capabilities will become the underlying strength that sustains PwC’s success.